CVE-2026-9457

A vulnerability was determined in Totolink A8000RU 7.1cu.643b20200521. The affected element is the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument FileName causes os command injection. The attack is possible...

CVE-2026-9457 Totolink A8000RU Web Management cstecgi.cgi UploadFirmwareFile os command injection

A vulnerability was determined in Totolink A8000RU 7.1cu.643b20200521. The affected element is the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument FileName causes os command injection. The attack is possible...

EUVD-2026-31677

A vulnerability was determined in Totolink A8000RU 7.1cu.643b20200521. The affected element is the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument FileName causes os command injection. The attack is possible...

TOTOLINK A8000RU 操作系统命令注入漏洞

The TOTOLINK A8000RU is a wireless router from China's Gion Electronics TOTOLINK. An OS command injection vulnerability exists in TOTOLINK A8000RU version 7.1cu.643b20200521, which originates from the parameter of the function UploadFirmwareFile in the file /cgi-bin/cstecgi.cgi in the component W...

EUVD-2026-21766

A vulnerability was found in Totolink A7100RU 7.4cu.2313b20191024. This impacts the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument FileName results in os command injection. The attack may be initiated remotely...

CVE-2026-6140 Totolink A7100RU CGI cstecgi.cgi UploadFirmwareFile os command injection

A vulnerability was found in Totolink A7100RU 7.4cu.2313b20191024. This impacts the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument FileName results in os command injection. The attack may be initiated remotely...

CVE-2026-6140

A vulnerability was found in Totolink A7100RU 7.4cu.2313b20191024. This impacts the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument FileName results in os command injection. The attack may be initiated remotely...

VulnCheck KEV: CVE-2024-0297

A vulnerability was found in Totolink N200RE 9.3.5u.6139B20201216 and classified as critical. This issue affects the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to os command injection. The attack may be initiated remotely. The...

TOTOLINK N200RE UploadFirmwareFile Function Command Injection Vulnerability

The TOTOLINK N200RE is a wireless broadband router for small office or home SOHO environments. The TOTOLINK N200RE suffers from a command injection vulnerability that stems from a failure to properly filter the FileName parameter of the UploadFirmwareFile function on the /cgi-bin/cstecgi.cgi page...

PT-2024-14365 · Totolink · Totolink A3700R

Name of the Vulnerable Software and Affected Versions: TOTOlink A3700R version 9.1.2u.5822 B20200513 Description: The issue is related to a remote command execution RCE vulnerability. It can be exploited via the UploadFirmwareFile function. Recommendations: For TOTOlink A3700R version 9.1.2u.5822...

CVE-2024-0297

A vulnerability was found in Totolink N200RE 9.3.5u.6139B20201216 and classified as critical. This issue affects the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to os command injection. The attack may be initiated remotely. The...

TOTOLINK LR1200GB 命令注入漏洞

The TOTOLINK LR1200GB is a wireless dual-band 4GLTE router from China's Gion Electronics TOTOLINK that supports 2.4GHz and 5GHz dual-band networks, and is primarily used to provide mobile broadband connectivity and Wi-Fi coverage. The TOTOLINK LR1200GB suffers from a command injection vulnerabili...

PT-2024-1056 · Totolink · Totolink Lr1200Gb

Name of the Vulnerable Software and Affected Versions: Totolink LR1200GB version 9.1.0u.6619 B20230130 Description: The issue affects the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi, where the manipulation of the FileName argument leads to command injection. This can be exploited...

CVE-2023-51034

TOTOlink EX1200L V9.3.5u.6146B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi UploadFirmwareFile interface...

CVE-2023-51034

TOTOlink EX1200L V9.3.5u.6146B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi UploadFirmwareFile interface...

TOTOLINK A3300R file_name parameter command injection vulnerability

The TOTOLINK A3300R is a wireless router manufactured by China's Gion Electronics TOTOLINK for home and small network environments. The TOTOLINK A3300R suffers from a command injection vulnerability that stems from the filename parameter of the UploadFirmwareFile function failing to properly filt...

PT-2023-30277 · Totolink · Totolink A3300R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3300R version 17.0.0cu.557 B20221024 Description: The issue concerns a command injection via the file name parameter in the UploadFirmwareFile function. Recommendations: For TOTOLINK A3300R version 17.0.0cu.557 B20221024, avoid usin...

TOTOLINK A3300R 安全漏洞

The TOTOLINK A3300R is a wireless router manufactured by China's Gion Electronics TOTOLINK for home and small network environments. The TOTOLINK A3300R suffers from a command injection vulnerability that stems from the filename parameter of the UploadFirmwareFile function failing to properly filt...

CVE-2023-46574

An issue in TOTOLINK A3700R v.9.1.2u.616520211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function...

CVE-2022-44249

TOTOLINK NR1800X V9.1.0u.6279B20210910 contains a command injection via the FileName parameter in the UploadFirmwareFile function...